A new banking trojan has made the news owing to its unique code and evasion techniques. Dubbed Cerberus, the malware specifically targets Android devices. Presently, many attackers are renting it as malware-as-a-service on underground forums.

According to The Hacker News, the author claims that this malware was written completely from scratch and doesn’t reuse code from other existing banking trojans. Researchers who analyzed a sample of the Cerberus trojan found that it has a pretty common list of features, including the ability to take screenshots, hijack SMS messages, steal contact lists, steal account credentials, and more.

When an Android device becomes infected with the Cerberus trojan, the malware hides its icon from the application drawer. Then, it disguises itself as Flash Player Service to gain accessibility permission. If permission is granted, Cerberus will automatically register the compromised device to its command-and-control server, allowing the attacker to control the device remotely. To steal a victim’s credit card number or banking information, Cerberus launches remote screen overlay attacks. This type of attack displays an overlay on top of legitimate mobile banking apps and tricks users into entering their credentials onto a fake login screen. What’s more, Cerberus has already developed overlay attacks for a total of 30 unique targets and banking apps.

The creator also claimed to have used the trojan for private operations for at least two years before renting it out to anyone, starting two months ago, at $2000 for one month of usage, $7000 for six months and up to $12,000 for 12 months.

According to security researchers at ThreatFabric who analyzed a sample of Cerberus Trojan, the malware has a pretty common list of features, like:

taking screenshots

recording audio

recording key logs

sending, receiving, and deleting SMSes

stealing contact lists

forwarding calls

collecting device information

tracking device location

stealing account credentials

disabling Play Protect

downloading additional apps and payloads

removing apps from the infected device

pushing notifications

locking device’s screen

Once a device is infected, Cerberus first hides its icon from the application drawer and then asks for the accessibility permission by masquerading as Flash Player Service. If granted, the malware automatically registers the compromised device to its command-and-control server, allowing the buyer/attacker to control the device remotely.
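A triage sketch for the traits described above (hidden icon, a "Flash Player Service" label, accessibility access), added here as an example and not taken from ThreatFabric or the original article. It assumes the value of Android's `enabled_accessibility_services` secure setting and an app inventory have already been collected; the `App` record, the `com.example` package and all sample values are constructed.

```python
import re
from dataclasses import dataclass

LURE = "flashplayer"  # normalized form of the label the article says Cerberus uses

@dataclass
class App:  # hypothetical inventory record, e.g. exported from an MDM
    package: str
    label: str
    has_launcher_icon: bool

def parse_enabled_services(value):
    """Parse the colon-separated 'package/class' list from enabled_accessibility_services."""
    services = []
    for entry in (value or "").strip().split(":"):
        if entry in ("", "null") or "/" not in entry:
            continue  # setting unset or malformed entry
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):  # short class names are relative to the package
            cls = pkg + cls
        services.append((pkg, cls))
    return services

def triage(value, inventory):
    """Return (package, service, severity, reasons) for enabled services worth a look."""
    apps = {a.package: a for a in inventory}
    findings = []
    for pkg, cls in parse_enabled_services(value):
        app = apps.get(pkg)
        if app is None:
            findings.append((pkg, cls, "review", ["owner not in inventory"]))
            continue
        reasons = []
        if LURE in re.sub(r"[^a-z0-9]", "", app.label.casefold()):
            reasons.append("label imitates Flash Player")
        if not app.has_launcher_icon:
            reasons.append("no launcher icon")
        if reasons:  # both traits together match the behaviour in the article
            findings.append((pkg, cls, "high" if len(reasons) == 2 else "review", reasons))
    return findings

# Constructed sample data: one legitimate service and one matching the description.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.fplayer.update/.core.AccessService\n")
SAMPLE_INVENTORY = [App("com.google.android.marvin.talkback", "TalkBack", True),
                    App("com.example.fplayer.update", "Flash Player Service", False)]

if __name__ == "__main__":
    for finding in triage(SAMPLE_SETTING, SAMPLE_INVENTORY):
        print(finding)
```

A single trait only yields a "review" finding, since a service without a launcher icon is not unusual on its own.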
